Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Does the tunnel go down if there is no activity?  (Read 3642 times)

bombcar

  • Jr. Member
  • **
  • Posts: 55
Does the tunnel go down if there is no activity?
« on: January 24, 2010, 10:16:51 PM »

I have a single server on an IPv6 tunnel, and it seems that I cannot access it from my other tunnel unless I first login to the server and run a ping6. Is this expected behavior?
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Does the tunnel go down if there is no activity?
« Reply #1 on: January 25, 2010, 01:50:13 AM »

Yes.  If you don't have a NAT rule forwarding IPv4 proto 41 to your router, lack of 6in4 tunnel traffic will cause the NAT connection table entry to time out, and incoming 6in4 traffic to be dropped as unsolicited.
Logged

bombcar

  • Jr. Member
  • **
  • Posts: 55
Re: Does the tunnel go down if there is no activity?
« Reply #2 on: January 25, 2010, 06:28:48 PM »

Hmm. The machine is raw on the internet (IPv4) - I'll have to look at the shorewall config.
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Does the tunnel go down if there is no activity?
« Reply #3 on: January 25, 2010, 07:09:02 PM »

Hmm. The machine is raw on the internet (IPv4) - I'll have to look at the shorewall config.
Ah I presumed you were behind a NAT.  But the same thing applies since you're using iptables (shorewall).  Make sure there's a rule in the INPUT chain which allows IP protocol 41 from the HE server to your outside IP.  

Should look something like this:

iptables --append INPUT --source x.x.x.x --destination x.x.x.x --proto 41 --jump ACCEPT

Since you're using Shorewall, it's probably some variable in a config file somehwere.  I've never used it sooo...
« Last Edit: January 25, 2010, 07:12:43 PM by jimb »
Logged

bombcar

  • Jr. Member
  • **
  • Posts: 55
Re: Does the tunnel go down if there is no activity?
« Reply #4 on: January 25, 2010, 08:14:30 PM »

The secret was to upgrade to shorewall 4.4.2 along with shorewall6 - now it's working great.
Logged